W32.Miniman@mm


Aliases: I-Worm.Miniman, W32/Miniman, I-Worm/Miniman, WORM_MINIMAN
Variants: Email-Worm.Win32.Miniman, W32/Miniman@MM, Miniman Internet Worm

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Fast
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 20 Aug 2003
Damage: Low

Characteristics: The W32.Miniman@mm belongs to the category of mass mailing Worms which target the contents of the address book of the default email client of the operating system. These harvested email addresses become the target for the Worm's spreading routine. It makes use of either a VBS or an EXE format file for its attachment. Like most Worm variants, it will attempt to trick the recipient into launching the file attachment to being its infection routine.

More details about W32.Miniman@mm

On its first launching the W32.Miniman@mm will drop into the host computer system its executable file components. These files will be stored in the directory folder of the operating system. It will invoke the Run command in the initialization file with the value equivalent to the exact location of the executable file in the hard drive. The W32.Miniman@mm will modify the system initialization file by adding its value to the Shell instruction. These routines are intended to make sure that its codes will be successfully loaded at every reboot or startup instance of the infected machine. The W32.Miniman@mm will proceed by creating a batch file which is immediately executed. This will result in the disabling of the mouse pointing device and the keyboard.

The payload delivery routine involves the sending of two separate email messages. The first email which will pretend to be sent from the operating system developer will be forwarded by the W32.Miniman@mm to all contacts stored in the address book of the email client. It will have two file attachments. After successfully sending the first email, the W32.Miniman@mm will second a second email that is supposedly a computer game and has one file attachment. The W32.Miniman@mm will then create another batch file which is intended to delete files from specific folders on the hard drive.